Unlike other tasks, this one requires runas (become) permissions, so we need to specify the become statement in the playbook and add the following directives in the group_vars folder (see this guide on how to create it).

Add the 4 “ansible_become” lines as in this example:

---

ansible_user: Administrator

ansible_password: Pass

ansible_connection: winrm

ansible_port: 5986

ansible_winrm_server_cert_validation: ignore

ansible_become: yes

ansible_become_user: Administrator

ansible_become_pass: Passw

ansible_become_method: runas

Both are the same account: it is the local admin account, promoted to Domain Administrator after the AD domain was created. We need those 4 lines because renaming AD-joined machines requires Active Directory credentials; the 4 “ansible_become” lines instruct Ansible to use domain administrator credentials instead of the local administrator's.
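A variant of the group_vars file above that keeps the same connection and become settings but reads the password from Ansible Vault and validates the WinRM certificate. This is an added example, not part of the original guide; the group name `windows`, the variable name `vault_admin_password`, the file layout and the CA bundle path are assumptions.

```yaml
---
# group_vars/windows/vars.yml
# Assumed layout: one directory per group, holding this clear-text file and
# an encrypted vault.yml next to it.
ansible_user: Administrator

# Hypothetical vaulted variable. It is defined in group_vars/windows/vault.yml
# as a single line (vault_admin_password: <the real password>), and that file
# is encrypted with: ansible-vault encrypt group_vars/windows/vault.yml
ansible_password: "{{ vault_admin_password }}"

ansible_connection: winrm
ansible_port: 5986

# Validate the certificate of the HTTPS listener instead of ignoring it.
# The path is a placeholder for the CA that issued the WinRM certificate.
ansible_winrm_server_cert_validation: validate
ansible_winrm_ca_trust_path: /etc/ansible/certs/winrm-ca.pem

# The same four become directives as in the example above. Both password
# entries point at one vaulted value because both refer to the same account.
ansible_become: yes
ansible_become_user: Administrator
ansible_become_pass: "{{ vault_admin_password }}"
ansible_become_method: runas
```

Run the playbook with `--ask-vault-pass` or `--vault-password-file` so the vaulted value can be decrypted at run time.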

Ansible has no module for setting domain Group Policies, but we can use PowerShell commands. If we need to create a custom GPO and link it to some GPO, we can also do that with PowerShell, by setting registry values.

The key must be in one of the two following registry hives:

HKEY_LOCAL_MACHINE (HKLM) for a registry-based policy setting in Computer Configuration.

HKEY_CURRENT_USER (HKCU) for a registry-based policy setting in User Configuration.